{"report_id":"036c9dbc-fab1-4a59-b713-ddda86ed0103","version":6,"status":"done","tags":[],"date":"2026-03-18T14:12:57Z","url":{"schema":"https","addr":"pump.fun-click.stream/","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":0,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"https","addr":"pump.fun-click.stream/","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"title":"Pump","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"pump.fun-click.stream/","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":0,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-22T14:12:57Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":7,"urlquery":0,"analyzer":10}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-18T14:12:33Z","timestamp":1773843153,"ip_dst":{"addr":"104.16.249.249","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":35974,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare DNS over HTTPS Domain (cloudflare-dns .com in TLS SNI)","source":"{\"timestamp\":\"2026-03-18T14:12:33.086383+0000\",\"flow_id\":1306978728146566,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":35974,\"dest_ip\":\"104.16.249.249\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027695,\"rev\":5,\"signature\":\"ET INFO Observed Cloudflare DNS over HTTPS Domain (cloudflare-dns .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2019_07_09\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2024_04_22\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"DoH\"],\"updated_at\":[\"2023_10_05\"]}},\"tls\":{\"sni\":\"cloudflare-dns.com\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":1654,\"start\":\"2026-03-18T14:12:33.063110+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-18T14:12:36Z","timestamp":1773843156,"ip_dst":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":34066,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-18T14:12:36.990979+0000\",\"flow_id\":2228867688562834,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":34066,\"dest_ip\":\"104.18.54.45\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.54.45\",\"port\":443},\"target\":{\"ip\":\"172.18.0.7\",\"port\":34066},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2670,\"start\":\"2026-03-18T14:12:36.983186+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-18T14:12:36Z","timestamp":1773843156,"ip_dst":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":34074,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-18T14:12:36.993342+0000\",\"flow_id\":1218553941590346,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":34074,\"dest_ip\":\"104.18.54.45\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.54.45\",\"port\":443},\"target\":{\"ip\":\"172.18.0.7\",\"port\":34074},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2595,\"start\":\"2026-03-18T14:12:36.983370+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-18T14:12:36Z","timestamp":1773843156,"ip_dst":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":34082,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-18T14:12:36.995735+0000\",\"flow_id\":706276012327315,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":34082,\"dest_ip\":\"104.18.54.45\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.54.45\",\"port\":443},\"target\":{\"ip\":\"172.18.0.7\",\"port\":34082},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2596,\"start\":\"2026-03-18T14:12:36.983443+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-18T14:12:36Z","timestamp":1773843156,"ip_dst":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":34120,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-18T14:12:36.998409+0000\",\"flow_id\":1927352394449569,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":34120,\"dest_ip\":\"104.18.54.45\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.54.45\",\"port\":443},\"target\":{\"ip\":\"172.18.0.7\",\"port\":34120},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2670,\"start\":\"2026-03-18T14:12:36.983713+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-18T14:12:36Z","timestamp":1773843156,"ip_dst":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":34106,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-18T14:12:36.998508+0000\",\"flow_id\":2199597486441029,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":34106,\"dest_ip\":\"104.18.54.45\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.54.45\",\"port\":443},\"target\":{\"ip\":\"172.18.0.7\",\"port\":34106},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2671,\"start\":\"2026-03-18T14:12:36.983621+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-18T14:12:37Z","timestamp":1773843157,"ip_dst":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":34090,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-18T14:12:37.000430+0000\",\"flow_id\":205989631754718,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":34090,\"dest_ip\":\"104.18.54.45\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.54.45\",\"port\":443},\"target\":{\"ip\":\"172.18.0.7\",\"port\":34090},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2670,\"start\":\"2026-03-18T14:12:36.983518+0000\"}}"}],"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-18","alert":"Hunting_JS_WebAssembly","trigger":"verify-modal-2735.vercel.app/solana?id=69b5437c12ce2dac9075215e\u0026bundle=1","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-18","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-18","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-18","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-18","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-18","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-18","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-18","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-18","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"cloudflare-dns.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"pump.fun-click.stream","ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"domain_registered":"2026-03-14","domain_rank":0,"first_seen":"2026-03-18T14:13:02.797328Z","last_seen":"2026-03-18T14:13:02.797328Z","alert_count":0,"request_count":24,"received_data":2988351,"sent_data":12486,"comment":"","tags":null,"fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}]},{"fqdn":"verify-modal-2735.vercel.app","ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":8,"received_data":2858641,"sent_data":4470,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}]},{"fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-08-23","domain_rank":0,"first_seen":"2026-02-25T03:05:04.781981Z","last_seen":"2026-03-12T20:07:07.154249Z","alert_count":8,"request_count":8,"received_data":40697176,"sent_data":4176,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"167.82.5.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-03-15T22:34:11.913686Z","alert_count":0,"request_count":1,"received_data":159984,"sent_data":491,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cloudflare-dns.com","ip":{"addr":"104.16.249.249","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-03-28","domain_rank":112,"first_seen":"2015-04-09T01:00:28Z","last_seen":"2026-03-16T15:26:36.141172Z","alert_count":1,"request_count":1,"received_data":524,"sent_data":521,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"pump.fun-click.stream/noir.js","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"cdec5fa615100715a4adfefa5b43df77","sha1":"da18fe21cfc899e1492f71e68421e165e9ee99c1","sha256":"8d2259b76d97f825eaa8810aae36966158972f4eabcdb98dee5455afe6105876","sha512":"1961146d6776dc3cdd961aba9bba82a3bdc7d6aa1a7a5244dbf6e15456e09a9f50e1f8821990cbad17d59c67e30de80f973f24d687af8ed63eb151e7430e3b66","ssdeep":"1536:DMpGg2gPKeO3v4BEnbkMKslM/omB4jsjw964BNBFiB8kvXhJBgUvC5LUScc7sVpv:48gieOfTnoMkzWd8SgFN","tlshash":"86534cabcf4f3d528f341a0a23ee1cc9061d5b8a74d244dd560fb2ce825aa7715c89ed","size":65891,"data":"","first_seen":"2026-03-14T12:30:42.305653Z","last_seen":"2026-03-18T14:18:46.224648Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"introduction_type":"eval","is_inline":false,"md5":"f429cb4c1d703aca9041bda1ce35deb5","sha1":"97d71c114c5ddd9999744e35bed47f13cc18d0d1","sha256":"c218af5ffad3d93e4469cfcfdafbb690a99c7f319f6b3f531b62058d7b187586","sha512":"1bc9506bb87b936f9b7ce821d7b39c2437ca44b6b069994ed358a3569616c5f1008579e82b1bdbd635e49639419e14323aa724c2f880351a78f96d6ca790308f","ssdeep":"768:Z0CpKfjEZxtky8pWytDMc8yN2ea8kqweQAxZ3MCqqkO:ZWjEZxp8rV8yN2eweQAxlRkO","tlshash":"8c234909bba31335aa23607f1b7fa66c713990075406c914f9ad9350afa0f46163bbfd","size":49338,"data":"","first_seen":"2026-03-14T12:30:42.310516Z","last_seen":"2026-03-18T14:18:46.228853Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"verify-modal-2735.vercel.app/solana?id=69b5437c12ce2dac9075215e\u0026bundle=1","fqdn":"verify-modal-2735.vercel.app","domain":"verify-modal-2735.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4dd30bd96a9a8e159a7f4f44a55ffc41","sha1":"4bab4d1a527a2ddcb0adece152bdca18797f1e49","sha256":"10b49a886a8806dd6350ddcbb138ab363455c850eb752374a6e928c5864449dc","sha512":"4e21a41cb45b64fc651634fede22dd61b70b435efce12f4f7a609b121b30a59d1a9dbb34f0bc46bfb9a949ec10cb30bb87e4baebecc7e41b822fa22f47cce191","ssdeep":"49152:c48xPkUF2Yp8Su3izVEbMsTpJrtVk4G/TNAga6XUdxnCWCawOJwSH171mDhBpWLE:q7uiJMTCWCawOJc","tlshash":"cfd56ca073a1747907e782e455a71100f334a40a700984bcfbec95f7af9aaca957bf35","size":2850455,"data":"","first_seen":"2026-03-18T14:13:10.141463Z","last_seen":"2026-03-18T14:18:46.23021Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-18","alert":"Hunting_JS_WebAssembly","trigger":"verify-modal-2735.vercel.app/solana?id=69b5437c12ce2dac9075215e\u0026bundle=1","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/gh/ccoin27/satxcloud-cdn@7b68f26a3f9d90286e7eefb2e8826457d4b4e225/jschallenge.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"167.82.5.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"fb78ff18f434b7c000f42dc08acf45bd","sha1":"12289b457cd2d4e9cdfe1ae6fec376a7ab35e4ac","sha256":"384853d2dda00760f72f51f4b65c75a94e6bcc9324f9d5dc4e67d20d33b4f16c","sha512":"cf61c897006956e7e1ad857cbd2b23879e16634ca400020cb214c361a24de9f817023eeaac058c783d79039809d7977c91b89eee2f0f2489a16bf29babd3ad12","ssdeep":"3072:+dNwZM3Mi3vxHIZgHHrGfYc3aRPfJbzgoFhI0pYcgJXCiqicd5ie:+dNwWl3pHIZmLvFdtdKe","tlshash":"c9f30e6113c1ade1144b4f62bbeeb6f4e73c69387345089be150bd64b6b780adfa0934","size":159162,"data":"","first_seen":"2026-03-18T14:13:10.120593Z","last_seen":"2026-03-18T14:13:10.120593Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"pump.fun-click.stream/noir.js","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.890Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /noir.js HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 65891\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: public, max-age=1800\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":65891,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"cdec5fa615100715a4adfefa5b43df77","sha1":"da18fe21cfc899e1492f71e68421e165e9ee99c1","sha256":"8d2259b76d97f825eaa8810aae36966158972f4eabcdb98dee5455afe6105876","sha512":"1961146d6776dc3cdd961aba9bba82a3bdc7d6aa1a7a5244dbf6e15456e09a9f50e1f8821990cbad17d59c67e30de80f973f24d687af8ed63eb151e7430e3b66","ssdeep":"1536:DMpGg2gPKeO3v4BEnbkMKslM/omB4jsjw964BNBFiB8kvXhJBgUvC5LUScc7sVpv:48gieOfTnoMkzWd8SgFN","tlshash":"86534cabcf4f3d528f341a0a23ee1cc9061d5b8a74d244dd560fb2ce825aa7715c89ed","first_seen":"2026-03-14T12:30:42.305653Z","last_seen":"2026-03-18T14:18:46.224648Z","times_seen":4,"resource_available":true,"data":null}},"time_used":153,"timings":{"blocked":44,"dns":1,"connect":17,"send":0,"wait":26,"receive":35,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/image_e2aee3fed0c7c43d9a9592c6d568ebe48d0e4d0a.png","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /image_e2aee3fed0c7c43d9a9592c6d568ebe48d0e4d0a.png HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: image/png\r\nContent-Length: 46042\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: public, max-age=1800\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":46042,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 240, 8-bit/color RGBA, non-interlaced","md5":"67f05b2c435e5be3c43d3fb07fa054d3","sha1":"e2aee3fed0c7c43d9a9592c6d568ebe48d0e4d0a","sha256":"a3e5cd929f00b9e93f73149cdcb5e0621c0c51a55bbc89d61a46bf88686526bf","sha512":"2e19616a20d27411ca35ccb02a02bb56f2e5c29ba5ba099e3d110023cfe9f50524dca391f89c3f606b8eef8c5925991a132542733f92f047cb109fe55e8f5bdd","ssdeep":"768:vE01F1ic73BKmqSEeOoEJkR3HS30xqfJMb+VSJQKertKIPlmB/ONEEH:vEcFfkKpE2R3G0xqfJMSQJEtKIPO/OK8","tlshash":"5523013af0a84512e25fc372de7bb7a201675a9c8600838545b548bc106e69af817fbc","first_seen":"2024-12-12T16:28:27.701993Z","last_seen":"2026-05-14T18:55:07.290668Z","times_seen":141,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":137,"dns":0,"connect":0,"send":0,"wait":17,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/image_d343204cb47e680b7efba0cad8e7958e07e523fb.svg","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.946Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /image_d343204cb47e680b7efba0cad8e7958e07e523fb.svg HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 996\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: public, max-age=1800\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":996,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"574b9e8c157fdcb1f62db13a3974b268","sha1":"d343204cb47e680b7efba0cad8e7958e07e523fb","sha256":"a27e00c9eae8be042d8ca20180bd1c409f3206739500712b9a1d0a99e59e95b4","sha512":"3ffdf84da9d003dddc8359d894c3979b946c946a6cf4fd0b6061a89e32032154bd8db8fe0cb13b6db177f8ee948076d843829477afe32d8c8e9dc31958deef02","ssdeep":"","tlshash":"2511027f131d11d5f80acfe4d30ba4e37a1254a66628f008806658c2fb08d5c5df6ce4","first_seen":"2025-12-18T09:47:26.932536Z","last_seen":"2026-05-06T23:07:45.718948Z","times_seen":128,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":50,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"verify-modal-2735.vercel.app/api/v2/binary","fqdn":"verify-modal-2735.vercel.app","domain":"verify-modal-2735.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:36.936Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Feb 2026 06:28:03 GMT","end":"Wed, 27 May 2026 06:28:02 GMT"},"fingerprint":{"sha1":"D6:62:1A:52:B7:FD:F6:BB:FA:AC:01:9E:BB:CD:40:86:5F:04:95:51","sha256":"4B:37:7D:7D:8E:17:70:BB:E1:51:9B:58:96:24:6C:11:6A:B3:AE:A9:68:43:46:58:B3:30:F0:54:F7:EA:43:38"}}},"request":{"raw":"OPTIONS /api/v2/binary HTTP/1.1\r\nHost: verify-modal-2735.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,x-config-id,x-session-id\r\nReferer: https://pump.fun-click.stream/\r\nOrigin: https://pump.fun-click.stream\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\ndate: Wed, 18 Mar 2026 14:12:37 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zIJdVT6HOWaz1BE8ShnbQOp0gnUfLyhkMvmghsZ7FQSbBzJKq9EXweWHBFKf001MEMSHNwsJ10MyhOWF0c1wWdIeR6Y%2Bp%2F767DEzvqDQ2hoS1ePStUtTmJQYo67hVsrZpYQLH6Gd\"}]}\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nvary: Access-Control-Request-Method, Access-Control-Request-Headers, Origin\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::arn1::wnlnp-1773843156941-270d0ac10183\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-16T18:14:59.881264Z","times_seen":15290215,"resource_available":true,"data":null}},"time_used":105,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/image_6499a8936200143cdbce9dd84f628c77ed25c7cd.svg","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.943Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /image_6499a8936200143cdbce9dd84f628c77ed25c7cd.svg HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 2203\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: public, max-age=1800\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":2203,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"2453bde6c21392341f27c6d2152db2cd","sha1":"6499a8936200143cdbce9dd84f628c77ed25c7cd","sha256":"5fd26b35cde9423feac2a555312cd5a8e32bc07d934c59e6b750bdbdebac5049","sha512":"8417ad500c4643fcf4333cede2ac6b93051a97d29bea9e731d317156d357c3d8e394dce7a25e213bf07851b2168ab3a982473e298aa4d8ff7b41400e56dfbe35","ssdeep":"","tlshash":"a54181ecb71498bcea9807bfb61420d8361981f93a2740de903e339034219adc414ccf","first_seen":"2025-12-18T09:47:26.931007Z","last_seen":"2026-05-06T23:07:45.717948Z","times_seen":114,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":52,"dns":0,"connect":0,"send":0,"wait":57,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/image_d74df8faee3d85987008c35a60f5b1872d32f116.ico","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:33.638Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /image_d74df8faee3d85987008c35a60f5b1872d32f116.ico HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:33 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 182941\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: public, max-age=1800\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":182941,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel","md5":"02af5b6696bb734e806685609b3b5d70","sha1":"afa822c7dd195e5ed9d4ce4c6ad700f6ae66d0e2","sha256":"a8f0d092855a78553b812e785e708c74b378476165e78a307fb895e683fbe02b","sha512":"7d16c3ed7d670a073585f2e3cad528c62e44f30cba409ebec62a39d78f8468fb0fc2a9b314ad7417fea9d2b254b7536a479df225c2ff694c974ddf4888364cd8","ssdeep":"768:kNeCDG6jWs+0Qr8r0JLQvMPZG0N8sy3+O4oqi9RdSTce2YdMsXZXv09SrdmmkRKO:2BjWHcrNvalPYsQ2XZXv0UhmBRK9JW","tlshash":"2304b555a7bdd830cec803b31b1680c42e3d2c94fb94d655a572731923bb9add0af1ea","first_seen":"2025-11-15T00:25:53.69943Z","last_seen":"2026-04-28T23:52:00.079447Z","times_seen":122,"resource_available":false,"data":null}},"time_used":476,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":469,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/image_d3e2dbb1530f6a00a41c9467e977fb61048ed08d.svg","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /image_d3e2dbb1530f6a00a41c9467e977fb61048ed08d.svg HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:33 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 2653\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: public, max-age=1800\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":2653,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"7ac045d44726d3ecd7d70cc10fd98c72","sha1":"d3e2dbb1530f6a00a41c9467e977fb61048ed08d","sha256":"2c72b8e06bbd7be8823c2cce4bbe652ba7a36e35074b8a1b27fd668304816379","sha512":"488d3da62f6ba30a36f8bb106262c3342583a719402680e34ce6d99ba26db1aea5d14496d7427aa39544527a3d5f63a0030d6e32d48e4366e07aacd5db5d12a8","ssdeep":"","tlshash":"395171ff7b5448e5de86c2f8eb2a2adb782a24d97120464193d42f29780176c4d8ac93","first_seen":"2025-11-15T00:25:53.758655Z","last_seen":"2026-05-14T18:55:07.29564Z","times_seen":329,"resource_available":false,"data":null}},"time_used":1012,"timings":{"blocked":101,"dns":0,"connect":0,"send":0,"wait":910,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/image_f1cccf0319f4f2b62782735d6c0b603c8c2522ec.png","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.901Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /image_f1cccf0319f4f2b62782735d6c0b603c8c2522ec.png HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: image/png\r\nContent-Length: 42883\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: public, max-age=1800\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":42883,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 178 x 100, 8-bit/color RGBA, non-interlaced","md5":"3ae6dd7c531db18e345e403928e4e37c","sha1":"f1cccf0319f4f2b62782735d6c0b603c8c2522ec","sha256":"3b57aa235fb1cce8dc994161a367c3d9de5a9145a7b53e62f7c98e3b71b0011f","sha512":"3165dd6a3b0e3fafb42460c3c30dd22d97bf24e79f371e19affb1e574dee5e016317740f0b86f69f8e2d4e3fb7d401d17709c98ffb0f423b1eb56b62e51d1005","ssdeep":"768:8KydPSwdN0Ev59w6wuFdvUp7MxQmhBJ9VOnXFgRuMYZWwIUiSOzPevdpxew:83Uu0E7w4dvK7WQmFE0zyW5SOjevNz","tlshash":"ad13f1cc002d96e4fa0d9733a1db28ce1157f96d6cb642399826df9590188f273cab5f","first_seen":"2026-01-31T13:50:49.910729Z","last_seen":"2026-03-18T14:13:10.100425Z","times_seen":10,"resource_available":false,"data":null}},"time_used":200,"timings":{"blocked":150,"dns":0,"connect":0,"send":0,"wait":18,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/image_e30d504f84a2648813d01f5eb66b68006d58ace1.jpg","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.920Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /image_e30d504f84a2648813d01f5eb66b68006d58ace1.jpg HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 1835\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: public, max-age=1800\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":1835,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3","md5":"c78c1b392cef234f964973899d39fc5f","sha1":"e30d504f84a2648813d01f5eb66b68006d58ace1","sha256":"e461a907067f3e31e551a3eb72197fa32a6ce544c3aa84172389778b4fd9f662","sha512":"88d726bb68fc5c3ee4eecd251bd0d5f825d7af4572807b8ea199f4168a1bd809f62c0acd86e9da822334122c28ac3de5234ff333b1175d54aefe7bd7cdb47349","ssdeep":"","tlshash":"c131eb27f116dae7de4e10305090272975ea5ef3f290f7918cd935805cbe445870159e","first_seen":"2025-12-18T09:47:26.914821Z","last_seen":"2026-05-06T23:07:45.750316Z","times_seen":14,"resource_available":false,"data":null}},"time_used":129,"timings":{"blocked":112,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-desktop.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:36.950Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 07:41:58 GMT","end":"Fri, 12 Jun 2026 07:41:57 GMT"},"fingerprint":{"sha1":"C0:16:76:CB:73:59:54:FD:EE:F5:98:D9:1E:84:2C:64:5E:69:4A:C1","sha256":"EB:7F:C6:00:94:82:C3:E3:51:75:19:72:94:30:B8:60:5D:EE:9D:90:4D:0A:8E:6F:2C:9A:F7:84:10:1D:65:C5"}}},"request":{"raw":"GET /phantom-bypass1-desktop.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pump.fun-click.stream\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 18 Mar 2026 14:12:37 GMT\r\nContent-Type: image/gif\r\nContent-Length: 2031700\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nETag: \"a22dc9face81ff1665651f1052a0a99f\"\r\nLast-Modified: Fri, 23 Jan 2026 22:55:18 GMT\r\nVary: Origin\r\nServer: cloudflare\r\nCF-RAY: 9de4d5535cf92678-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2031700,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"37d621b0888b9c9acaadc1142424a21c","sha1":"cbb67a69d5c908ed0643897721984ff71bf7a0d8","sha256":"b69becaf20ae2c964f0068c915b5d036da7dc363b1ea662f069f53f647706314","sha512":"474aad76d233471363cdabd9efc14cc91b32e291fc0e70d5bac4f9e5e20c36399f05f2f099795fa60cc9a7147632933594604474935b1e73923115ea8eaf7391","ssdeep":"24576:/2TAaRkFipRWRSlpAzUWOsWWvbLqhDVtxB6Ewq4zG:ZhZv4JsZDL8Da1a","tlshash":"e925333bc65d46417aa900115b2162708d3368ac58ffe63383edde72d78ba3c7d643a9","first_seen":"2026-03-08T18:49:18.127937Z","last_seen":"2026-05-10T10:13:51.006458Z","times_seen":61,"resource_available":false,"data":null}},"time_used":714,"timings":{"blocked":70,"dns":37,"connect":1,"send":0,"wait":431,"receive":139,"ssl":33},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-18","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/style.css","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.888Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: text/css; charset=UTF-8\r\nContent-Length: 89479\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: public, max-age=1800\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":89479,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (38438)","md5":"c6253dc4e9bd3277f1187da2362fe891","sha1":"121c40258849a4dcbd6111fea09416184ebc4851","sha256":"74da04038b6a87774e578e5d27cde97a0fb5c033d7808fa33e9a65988da462a0","sha512":"dd9cfd1eb03c5c37fcd565fd8d06ec57524d95e2fda78770ec50ecf6aceebe4bcafc33f914a89e720c9acc59b219a56c1014f55b117031ca95243e74f70d4b02","ssdeep":"768:JRyLLJdKzuk6RuTb2L98nmPA78oF8NzxPayNL9yl2jvsDPQjcX:JRy3euaTbNmPA78oFodCyKlws7Iw","tlshash":"bd93a798eb44503b7c2350ed92cca59da12ef981efa30ad9fa916024dec37f719b5740","first_seen":"2026-01-31T13:50:49.912666Z","last_seen":"2026-03-18T14:18:46.19163Z","times_seen":9,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":39,"dns":1,"connect":16,"send":0,"wait":32,"receive":34,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/image_6aace13a1bc9abc667ab29f1521251853cc55051.png","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /image_6aace13a1bc9abc667ab29f1521251853cc55051.png HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: image/png\r\nContent-Length: 904412\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: public, max-age=1800\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":904412,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 918 x 516, 8-bit/color RGBA, non-interlaced","md5":"2786bb2a1bbd7ed5e15871a2b6f7ad79","sha1":"6aace13a1bc9abc667ab29f1521251853cc55051","sha256":"15f9c5ee46c4cb1b702b7ba1190b14d4a9b5bde743dbfafc3084ab30d5281aed","sha512":"d8b7cb3ade29d5134da434d36280d1cf210565028cefed39cce5140f7d8e2d8d8c0fb52217e9b7aeeea386505faa4f35663706b8b20b50b7d339b85631993044","ssdeep":"24576:vlfvwcF1cqE9rMvyERZ3k4hK8YjWAinsLgPZp:vN4Mcd9YvcWAFE","tlshash":"3415333ab4c27b79d4af3662d01976b6e80511ae15e66be9277af0cc00c63c0ed48f75","first_seen":"2026-01-31T13:50:49.921763Z","last_seen":"2026-03-18T14:13:10.104387Z","times_seen":10,"resource_available":false,"data":null}},"time_used":1415,"timings":{"blocked":153,"dns":0,"connect":0,"send":0,"wait":205,"receive":1057,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/image_6a699f365ea95ebb1030cee909bba1bc7d407beb.jpg","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /image_6a699f365ea95ebb1030cee909bba1bc7d407beb.jpg HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 65873\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: public, max-age=1800\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":65873,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 1920x1080, components 3","md5":"3703bb4ffe43a9d5fe86ce6c6af90e5b","sha1":"6a699f365ea95ebb1030cee909bba1bc7d407beb","sha256":"0bc11b8aafe390e4340c9b390c9ccb0dc8b24ec7f5ad8feb9a666bf9b6566db4","sha512":"ed9721e28113179f89a52c6cba914831bbfce97f713c601add98ace71aa16805e6354a23b50f6abb2c7e75057bbb4d2174a6c40611be86afea78e31cbff2e0b2","ssdeep":"1536:7IVTedHuGPQ4Dk8eSfUi34JHZqXLh9a2mLoHa7Wsfi7jB6tyytBToWE:7IdedHSp8eppZqbPa2mLo67/IjY/ToWE","tlshash":"a75301d061c091f8de92c629a9378aa1354fe64d42cfce452a4f431fb3152b61b80abf","first_seen":"2026-01-31T13:50:49.92002Z","last_seen":"2026-03-18T14:13:10.10534Z","times_seen":10,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":107,"dns":0,"connect":0,"send":0,"wait":18,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/image_18b107894fcc839d889ecdacebcb66c140a4023c.jpg","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.913Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /image_18b107894fcc839d889ecdacebcb66c140a4023c.jpg HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 1422\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: public, max-age=1800\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":1422,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3","md5":"e8e028b2e11b028693683235590b3c4b","sha1":"18b107894fcc839d889ecdacebcb66c140a4023c","sha256":"85eaee2f6bbabb715542a2a416469bb1855c6a58241f4e0ee307b5adbb42f04e","sha512":"72a2c4fce22f7658fd6cf75944353b60671666b4525a7adb1689c615b073ab5b615954d31415e1d34c236fc4177292fbc268363c0e4ee49f9b6b50646dbd6925","ssdeep":"","tlshash":"2021944ab90d62e1fd19603c42d32b6ab2c8df42a470db0d0510398b16f5499cf05a9a","first_seen":"2025-12-18T09:47:26.934002Z","last_seen":"2026-05-06T23:07:45.749786Z","times_seen":14,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":120,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/image_698e2ef14957d3ee9bb847b31a4d8db58cc7ecbe.svg","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.945Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /image_698e2ef14957d3ee9bb847b31a4d8db58cc7ecbe.svg HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 1108\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: public, max-age=1800\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":1108,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"79b0d0cf3e74dcfb1447050c6eb7204d","sha1":"698e2ef14957d3ee9bb847b31a4d8db58cc7ecbe","sha256":"f0a1e2263ef6cdf30ab88d2f53e6d4e16a40e66fc3f4d28755d6bc11bb19ec81","sha512":"f5f7fc4cfbc6b2f48ee942a1fa480dfa55ba6064676a2b1eb926acf7142e705abd683dab90e491d4f191bb58c4ba3518f180c37426133c470644d5903abce60b","ssdeep":"","tlshash":"5c11aad53747d374c447eafd0a262dd06c1754f66725a47fc2813c0aa8560a53ca48fe","first_seen":"2024-09-19T20:57:03.475064Z","last_seen":"2026-05-15T19:37:38.858709Z","times_seen":70,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":51,"dns":0,"connect":0,"send":0,"wait":58,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/image_4bedd7a8bb870242463c32dd6514110998619883.svg","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.941Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /image_4bedd7a8bb870242463c32dd6514110998619883.svg HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 277\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: public, max-age=1800\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":277,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"84e69edfdc5f95304ca09ecdb8b4470a","sha1":"4bedd7a8bb870242463c32dd6514110998619883","sha256":"99dfaae864d697c0c85271501b1c9d3fa055bbcd5891ff143412e482ddd05226","sha512":"b92795a66c3d7f0691604f8448fa2a68bd1e8627148b5d22b55de5805fe9524246d3130e9f69d5613cf42b4f25b34edee62992238ee14cb56599f268fa367469","ssdeep":"","tlshash":"53d02b15530cad1cfe228510c35c723950ea62521b5e054ce9622235751c59f7d3fadd","first_seen":"2025-12-18T09:47:26.941018Z","last_seen":"2026-05-06T23:07:45.753779Z","times_seen":119,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":54,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-desktop.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:36.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 07:41:58 GMT","end":"Fri, 12 Jun 2026 07:41:57 GMT"},"fingerprint":{"sha1":"C0:16:76:CB:73:59:54:FD:EE:F5:98:D9:1E:84:2C:64:5E:69:4A:C1","sha256":"EB:7F:C6:00:94:82:C3:E3:51:75:19:72:94:30:B8:60:5D:EE:9D:90:4D:0A:8E:6F:2C:9A:F7:84:10:1D:65:C5"}}},"request":{"raw":"GET /phantom-bypass2-desktop.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pump.fun-click.stream\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 18 Mar 2026 14:12:37 GMT\r\nContent-Type: image/gif\r\nContent-Length: 3967947\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nETag: \"5a6a3867cbfe36845cfc495e5ca7f0ea\"\r\nLast-Modified: Fri, 23 Jan 2026 15:05:42 GMT\r\nVary: Origin\r\nServer: cloudflare\r\nCF-RAY: 9de4d5535f5376ef-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3967947,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"d93576ba91ca34c6a838ecb0a2007171","sha1":"c4e5bde21d173bd4fcd9129fbdbde6222c276da2","sha256":"bd3b1e09eca059acc8e0bbb505184eb2e25f7d41b27842fc776734881d4742df","sha512":"1757d06e3d6fcf45d5a48f8f6339866791fe4add35e57b447144d7b3bc7c7b25a851adda4b4abfdadc8dc7134f21016a79f7405bb79e50115dce6a8c93a59ef6","ssdeep":"24576:avufiMHLszpYKMLHl4XSjC3h+NeQo3QSlw:oFMHLsMl/CzsAw","tlshash":"db2523ae806d4dc1229501a12516783c14a5a07e8df2bc3db5a8df8dc29ff7b9ce90f5","first_seen":"2026-03-07T01:35:12.450999Z","last_seen":"2026-05-10T10:13:50.977502Z","times_seen":62,"resource_available":false,"data":null}},"time_used":865,"timings":{"blocked":64,"dns":33,"connect":1,"send":0,"wait":434,"receive":298,"ssl":27},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-18","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-desktop.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:36.959Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 07:41:58 GMT","end":"Fri, 12 Jun 2026 07:41:57 GMT"},"fingerprint":{"sha1":"C0:16:76:CB:73:59:54:FD:EE:F5:98:D9:1E:84:2C:64:5E:69:4A:C1","sha256":"EB:7F:C6:00:94:82:C3:E3:51:75:19:72:94:30:B8:60:5D:EE:9D:90:4D:0A:8E:6F:2C:9A:F7:84:10:1D:65:C5"}}},"request":{"raw":"GET /solflare-bypass1-desktop.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pump.fun-click.stream\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 18 Mar 2026 14:12:37 GMT\r\nContent-Type: image/gif\r\nContent-Length: 6028322\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nETag: \"cf5ac8fca45e5d0409fef8923c179975\"\r\nLast-Modified: Fri, 23 Jan 2026 22:54:30 GMT\r\nVary: Origin\r\nServer: cloudflare\r\nCF-RAY: 9de4d5536892c759-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6028322,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"702758821d82f5549c2922f81710886f","sha1":"f318b7afd08f139ed22ac505130fc66efcc40962","sha256":"8b093466588a613d01fdfa9d301866c5a064d3f7e8b8d0105c6b3df4972c15bb","sha512":"27b892bfafa582e0d5b19eb7d7c7e714c468c58aecb3bc69f81b37b273f9222cb302f34045e4bfb3d436e6be55a3fa54b223cd6f801045bed2a8ba6dc3c41c90","ssdeep":"24576:WKS1/OBbi61/Vvx5qYONFC9VGM60S15tk+ebyMyRfMdlE:38h+tvxpOXC9VBTOFR0dS","tlshash":"412533b9b82a3481eb0179507d6f2522a9f7746f487b7f734354fa2363eae85d2c1018","first_seen":"2026-03-08T18:49:18.14445Z","last_seen":"2026-05-10T10:13:50.979515Z","times_seen":61,"resource_available":false,"data":null}},"time_used":1271,"timings":{"blocked":62,"dns":28,"connect":3,"send":0,"wait":625,"receive":519,"ssl":26},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-18","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"verify-modal-2735.vercel.app/api/v2/binary","fqdn":"verify-modal-2735.vercel.app","domain":"verify-modal-2735.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:37.044Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Feb 2026 06:28:03 GMT","end":"Wed, 27 May 2026 06:28:02 GMT"},"fingerprint":{"sha1":"D6:62:1A:52:B7:FD:F6:BB:FA:AC:01:9E:BB:CD:40:86:5F:04:95:51","sha256":"4B:37:7D:7D:8E:17:70:BB:E1:51:9B:58:96:24:6C:11:6A:B3:AE:A9:68:43:46:58:B3:30:F0:54:F7:EA:43:38"}}},"request":{"raw":"POST /api/v2/binary HTTP/1.1\r\nHost: verify-modal-2735.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pump.fun-click.stream/\r\nContent-Type: application/octet-stream\r\nX-Session-Id: d9a35f51b521105db5872592bba8bf23\r\nX-Config-Id: 69b5437c12ce2dac9075215e\r\nContent-Length: 99\r\nOrigin: https://pump.fun-click.stream\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-encoding: br\r\ncontent-type: application/octet-stream\r\ndate: Wed, 18 Mar 2026 14:12:37 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6xAfDuMbfaM8w0PUirnJZUPQb%2B9uF2JLDTgbI%2FQfP7zv9KlolMfUWRtimeTjyJgc%2BX3IrFhcqZEQwQ02ZskKwagRVUq%2FlyiS1tZ39gTN%2FX5ja9MiqsxfPJH%2FnT1Ob0SnxxWG%2F0Id\"}]}\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nvary: Origin\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::arn1::wnlnp-1773843157048-79b511c5a866\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":99,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"1763ec7fe9d25449893260ea08a7939c","sha1":"05b9e1b5328330fb72f88171ac18fa2dcd940227","sha256":"8ce6948a271c7d9b1c01b4fc08f1aee50010ed8428bfef76bb751c898e676f39","sha512":"b23d5ed0058e953f7eb00759459a65f871bad2d1742c6cfc3131210482a3ad24b0726410a597f392523b4a0215a75b74d2223547a60250aaaaa2661b4d14c813","ssdeep":"","tlshash":"75b0124817a42148e08406721f2d1d4552468e50dc94572a42cd95350c0a6d414d083b","first_seen":"2026-03-18T14:13:10.11501Z","last_seen":"2026-03-18T14:13:10.11501Z","times_seen":1,"resource_available":false,"data":null}},"time_used":242,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":242,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"verify-modal-2735.vercel.app/api/v1/config/mode?id=69b5437c12ce2dac9075215e","fqdn":"verify-modal-2735.vercel.app","domain":"verify-modal-2735.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:33.348Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Feb 2026 06:28:03 GMT","end":"Wed, 27 May 2026 06:28:02 GMT"},"fingerprint":{"sha1":"D6:62:1A:52:B7:FD:F6:BB:FA:AC:01:9E:BB:CD:40:86:5F:04:95:51","sha256":"4B:37:7D:7D:8E:17:70:BB:E1:51:9B:58:96:24:6C:11:6A:B3:AE:A9:68:43:46:58:B3:30:F0:54:F7:EA:43:38"}}},"request":{"raw":"GET /api/v1/config/mode?id=69b5437c12ce2dac9075215e HTTP/1.1\r\nHost: verify-modal-2735.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pump.fun-click.stream/\r\nOrigin: https://pump.fun-click.stream\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\nage: 0\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-encoding: br\r\ncontent-type: application/json\r\ndate: Wed, 18 Mar 2026 14:12:34 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OkkLM%2FVHOdedKFAIv9sK3yfN8GefNk3q77KyNwQTinA81%2FZD%2FGnqFs69eNdK7AEX%2FOUcBsDfRNqsdN9q3keGXuckdHSTqlzi7fh99gISKtPnUoQCg92nJe%2BjLgOOb1WXSmDiQPtz\"}]}\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nvary: Origin\r\nx-ratelimit-limit: 60\r\nx-ratelimit-remaining: 59\r\nx-ratelimit-reset: 60\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::arn1::kfz8h-1773843153400-d780b7926e8d\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":37,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"6c8933ec6f2be0acd8db0fa1e80cd843","sha1":"4cc03cca7268d0f15e6f55b4e32b9960503ab006","sha256":"fd290ac098e76d9c60331d6fef354045796061cff05f3ac267ca4dc1db06cacf","sha512":"eb275b329c6df26de422358d034f2b1b69f5c0210497b0be1b0be7c91a9be5be20b24b7dac7583a22125d3b49d42571bfca013ade0ed6dc28265ca4d7e3d3610","ssdeep":"","tlshash":"f58004c435c51445040141c54414404455100031500cd01c44557d0050555505014c5f","first_seen":"2026-03-14T12:30:42.283723Z","last_seen":"2026-04-29T15:31:57.767322Z","times_seen":34,"resource_available":false,"data":null}},"time_used":1509,"timings":{"blocked":48,"dns":20,"connect":1,"send":0,"wait":1413,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-18T14:12:32.107Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Encoding: gzip\r\nContent-Length: 311\r\nCache-Control: no-store\r\nConnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}],"data":{"size":372,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (371)","md5":"bb77b104c81541534f59714261312a5d","sha1":"f6a300ad8a9cd28781f89c54874590e8f84ba6de","sha256":"e87f6e97100d3472d4937ec93d1920287713ee79b5b7161431f4a74c5826e9c7","sha512":"09dbe85ba4a1c89ad40cbe4673d5a7ba06b52a865d9d0cdf5bdf50575f3ce5f5c3cef7411e171a3092dc9094d4ac73b8f22ba97da3217145b50e86d6ccc9d44c","ssdeep":"","tlshash":"cee068ffc452e01fb5325aa12cb1316c00596bd52b424ea229e97e689d84248882760a","first_seen":"2026-03-18T14:13:10.1182Z","last_seen":"2026-03-18T14:13:10.1182Z","times_seen":1,"resource_available":false,"data":null}},"time_used":897,"timings":{"blocked":435,"dns":409,"connect":16,"send":0,"wait":15,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/gh/ccoin27/satxcloud-cdn@7b68f26a3f9d90286e7eefb2e8826457d4b4e225/jschallenge.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"167.82.5.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.711Z","timestamp":0,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /gh/ccoin27/satxcloud-cdn@7b68f26a3f9d90286e7eefb2e8826457d4b4e225/jschallenge.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 7b68f26a3f9d90286e7eefb2e8826457d4b4e225\r\nx-jsd-version-type: commit\r\netag: W/\"26dba-EiibRXzS1OnN/hrm/sN2p6s15Kw\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nage: 739726\r\ndate: Wed, 18 Mar 2026 14:12:32 GMT\r\nx-served-by: cache-fra-etou8220057-FRA, cache-osl6541-OSL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 47542\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":159162,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"fb78ff18f434b7c000f42dc08acf45bd","sha1":"12289b457cd2d4e9cdfe1ae6fec376a7ab35e4ac","sha256":"384853d2dda00760f72f51f4b65c75a94e6bcc9324f9d5dc4e67d20d33b4f16c","sha512":"cf61c897006956e7e1ad857cbd2b23879e16634ca400020cb214c361a24de9f817023eeaac058c783d79039809d7977c91b89eee2f0f2489a16bf29babd3ad12","ssdeep":"3072:+dNwZM3Mi3vxHIZgHHrGfYc3aRPfJbzgoFhI0pYcgJXCiqicd5ie:+dNwWl3pHIZmLvFdtdKe","tlshash":"c9f30e6113c1ade1144b4f62bbeeb6f4e73c69387345089be150bd64b6b780adfa0934","first_seen":"2026-03-18T14:13:10.120593Z","last_seen":"2026-03-18T14:13:10.120593Z","times_seen":1,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/image_9b7703a462a9c20fb947cc1fd724a75d61ba3238.svg","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.899Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /image_9b7703a462a9c20fb947cc1fd724a75d61ba3238.svg HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 60488\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: public, max-age=1800\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":60488,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"20e346583b6756a13559f1583009b9e2","sha1":"9b7703a462a9c20fb947cc1fd724a75d61ba3238","sha256":"d2161f883307c949aa8149a3de14fe1571e050c577c8af6b38a4a3b56c3cba83","sha512":"ede21f2d59a546e212d8dedd1afdde210ddcbb5706a55325bbb4ca132f96b848fefedaa394b97e4b8843792cc031fc53614e501378a620f4acea8146bab9ca3c","ssdeep":"768:hFj6oZjZWzlcH6iVbSCqjew8xrGfKsqaI4:1ZjZS2RMSRxriH","tlshash":"7c43ab30778c1509d270abdd831ca496e833a0839a1b0594cb433dea5f6a795fd7b1ee","first_seen":"2025-08-29T22:10:37.955387Z","last_seen":"2026-05-06T23:07:45.724019Z","times_seen":190,"resource_available":false,"data":null}},"time_used":368,"timings":{"blocked":155,"dns":0,"connect":0,"send":0,"wait":147,"receive":66,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/image_9b03bbf5eda7755561c110d65de7b8e27950b48e.svg","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.947Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /image_9b03bbf5eda7755561c110d65de7b8e27950b48e.svg HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 341\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: public, max-age=1800\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":341,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5ef0b9759e78901bd75f2132e7ffafd8","sha1":"9b03bbf5eda7755561c110d65de7b8e27950b48e","sha256":"a0d6b57b43548b146ed18f30db6263585ef218823b848220273a573d64c89b5d","sha512":"fb4c8ac8c79a8da7d8f9be2e5e95311749401964f8ad6f04fc5375fa0dde9e96aa2f4092496bd7a953a72c0fc47d4235b66a98ade002c1e717be17d2eb4f6ab6","ssdeep":"","tlshash":"05e026e6538ced1cfa11c653e319723e10693297370d5888e952216065181ce7a3ba9e","first_seen":"2025-12-18T09:47:26.94246Z","last_seen":"2026-05-06T23:07:45.719668Z","times_seen":15,"resource_available":false,"data":null}},"time_used":84,"timings":{"blocked":68,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"verify-modal-2735.vercel.app/api/v2/binary","fqdn":"verify-modal-2735.vercel.app","domain":"verify-modal-2735.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:36.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Feb 2026 06:28:03 GMT","end":"Wed, 27 May 2026 06:28:02 GMT"},"fingerprint":{"sha1":"D6:62:1A:52:B7:FD:F6:BB:FA:AC:01:9E:BB:CD:40:86:5F:04:95:51","sha256":"4B:37:7D:7D:8E:17:70:BB:E1:51:9B:58:96:24:6C:11:6A:B3:AE:A9:68:43:46:58:B3:30:F0:54:F7:EA:43:38"}}},"request":{"raw":"POST /api/v2/binary HTTP/1.1\r\nHost: verify-modal-2735.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pump.fun-click.stream/\r\nContent-Type: application/octet-stream\r\nX-Session-Id: d9a35f51b521105db5872592bba8bf23\r\nX-Config-Id: 69b5437c12ce2dac9075215e\r\nContent-Length: 99\r\nOrigin: https://pump.fun-click.stream\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-encoding: br\r\ncontent-type: application/octet-stream\r\ndate: Wed, 18 Mar 2026 14:12:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=r%2FkmZsGoOvlwo2thkernQ8Ah2OkiDFLS8Fw5XsrS7LDpH1MKlYD8iDplTGUhLwTcx97wosqik6bIF17HOa9AgvOAxybyJZSFnpWbG6b7xkc4BgxMHWNXREpTJYVaDTMfLrgNbEO%2B\"}]}\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nvary: Origin,Accept-Encoding\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::arn1::wnlnp-1773843156820-4b475be0eacb\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1123,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"cc7c769899990bb94bc81e5e8e464333","sha1":"4bf6c67c03ebe1d82d6f86802f4f34a9cb5469d1","sha256":"58e38999fb14b7dfe3fda19c976ea7e98c45b0faad18f49d354810121ad2bbd5","sha512":"21fab8b0f9d9f1ab68636e6af356cc4d9635b35c1195fe73d7959138954fbbbae889990e8c5172c0e51ad239e16f007bca51500da2e6a1df1953b4b38a88c92c","ssdeep":"","tlshash":"9b21968148ba0ee1dc102b39172ae4a7310878fdd2431b1246861c7140ffa575de5c4d","first_seen":"2026-03-18T14:13:10.124667Z","last_seen":"2026-03-18T14:13:10.124667Z","times_seen":1,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-mobile.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:36.952Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 07:41:58 GMT","end":"Fri, 12 Jun 2026 07:41:57 GMT"},"fingerprint":{"sha1":"C0:16:76:CB:73:59:54:FD:EE:F5:98:D9:1E:84:2C:64:5E:69:4A:C1","sha256":"EB:7F:C6:00:94:82:C3:E3:51:75:19:72:94:30:B8:60:5D:EE:9D:90:4D:0A:8E:6F:2C:9A:F7:84:10:1D:65:C5"}}},"request":{"raw":"GET /phantom-bypass1-mobile.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pump.fun-click.stream\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 18 Mar 2026 14:12:37 GMT\r\nContent-Type: image/gif\r\nContent-Length: 2031700\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nETag: \"a22dc9face81ff1665651f1052a0a99f\"\r\nLast-Modified: Fri, 23 Jan 2026 22:55:26 GMT\r\nVary: Origin\r\nServer: cloudflare\r\nCF-RAY: 9de4d5535ae12efa-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2031700,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"37d621b0888b9c9acaadc1142424a21c","sha1":"cbb67a69d5c908ed0643897721984ff71bf7a0d8","sha256":"b69becaf20ae2c964f0068c915b5d036da7dc363b1ea662f069f53f647706314","sha512":"474aad76d233471363cdabd9efc14cc91b32e291fc0e70d5bac4f9e5e20c36399f05f2f099795fa60cc9a7147632933594604474935b1e73923115ea8eaf7391","ssdeep":"24576:/2TAaRkFipRWRSlpAzUWOsWWvbLqhDVtxB6Ewq4zG:ZhZv4JsZDL8Da1a","tlshash":"e925333bc65d46417aa900115b2162708d3368ac58ffe63383edde72d78ba3c7d643a9","first_seen":"2026-03-08T18:49:18.127937Z","last_seen":"2026-05-10T10:13:51.006458Z","times_seen":61,"resource_available":false,"data":null}},"time_used":747,"timings":{"blocked":66,"dns":36,"connect":1,"send":0,"wait":435,"receive":175,"ssl":29},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-18","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"cloudflare-dns.com/dns-query?name=_r.chrome-extension-da0e5-bc.com\u0026type=TXT","fqdn":"cloudflare-dns.com","domain":"cloudflare-dns.com","tld":"com"},"ip":{"addr":"104.16.249.249","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:33.028Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflare-dns.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"SSL.com SSL Intermediate CA ECC R2","organization":"SSL Corp"},"validity":{"start":"Wed, 31 Dec 2025 19:20:01 GMT","end":"Mon, 21 Dec 2026 19:20:01 GMT"},"fingerprint":{"sha1":"F8:86:35:01:72:60:D4:0B:9E:B4:17:BE:E7:37:37:91:1B:63:0E:59","sha256":"E3:B0:28:26:78:9D:65:3D:22:4D:3E:DA:CB:E4:E8:77:CB:72:86:FC:4C:92:26:72:F6:22:67:41:CA:57:AD:65"}}},"request":{"raw":"GET /dns-query?name=_r.chrome-extension-da0e5-bc.com\u0026type=TXT HTTP/1.1\r\nHost: cloudflare-dns.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/dns-json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pump.fun-click.stream/\r\nOrigin: https://pump.fun-click.stream\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: cloudflare\r\ndate: Wed, 18 Mar 2026 14:12:33 GMT\r\ncontent-type: application/dns-json\r\naccess-control-allow-origin: *\r\nx-content-type-options: nosniff\r\ncontent-length: 248\r\ncf-ray: 9de4d53aee724b93-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":248,"size_decoded":0,"mime_type":"application/dns-json","magic":"JSON text data","md5":"8c35d14447289e11a1e542a8d7c0730c","sha1":"063ea9581dade8c78a1622303bafffa68d9fd4cf","sha256":"bd180fc8a9ea97f2fcc5a89bec2a88b3d979ba5203920c4f8495814c0e216d50","sha512":"5deba47a12df32cc9db72fac63ee0c0ec210f84efd8bfb9a0ab2683ebe727507756ecc7d3217c702abafce3de7014858ac5ebec261321eefe23ce91ffc9568a9","ssdeep":"","tlshash":"c5d0a785948880fc751b6b54c4c35847df7c32b273dcbe7996442e58e2db341a4962ab","first_seen":"2026-03-18T14:13:10.126108Z","last_seen":"2026-03-18T14:18:46.187762Z","times_seen":2,"resource_available":false,"data":null}},"time_used":171,"timings":{"blocked":78,"dns":35,"connect":12,"send":0,"wait":16,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"cloudflare-dns.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-18T14:12:32.805Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __js_challenge=1773843152.532\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 745242\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: no-cache, no-store, must-revalidate\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":745242,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (1537), with CRLF line terminators","md5":"a2dc4fc333542775bcdc07faf00ca8cd","sha1":"fd5034547b5c405002ef9a48a2652f25f74a4910","sha256":"6347b079001590d3126558c529e30ef3db507157e7ec5b68d4ea8261bcc1f1b5","sha512":"3d4e40105c3816df1f068b1ba119fa6c043cb28207b72778c3ded6deb1ed4e9c31055cf70e9584b2431c678fdb6ac26c83227c5ff462043c808e00a7aa7776ad","ssdeep":"3072:rHkPiBWPIQI0Hv3JoDCmNPSin4IWyO365xhgT18DKmNPSin4IKyO365xhO:rERP5I0H+DVB/hVDtB/hO","tlshash":"11f4d639124112563633c77caff8568af6a44527ee82a61d36dd2b824ff3478ac53d8c","first_seen":"2026-03-09T06:06:40.089936Z","last_seen":"2026-03-18T14:18:46.217849Z","times_seen":6,"resource_available":false,"data":null}},"time_used":194,"timings":{"blocked":39,"dns":1,"connect":16,"send":0,"wait":19,"receive":96,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/da39a3ee5e6b4b0d3255bfef95601890afd80709","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /da39a3ee5e6b4b0d3255bfef95601890afd80709 HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 745243\r\nX-Powered-By: Express\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: no-cache, no-store, must-revalidate\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":495324,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (1537), with CRLF, LF line terminators","md5":"90f2b4ed68b3d401188f837290da37e8","sha1":"d2c559e17cba97d7fdc10eb7c3608e058da0157d","sha256":"e9ef599f66252781efbea31788cf6e60a673e6462b75e610d621f1b1df77c397","sha512":"93a8079d34339878e8fd8ea6c04b7fffab7d9514560dd7fd1b440f573b53f6753f3cf13c1c09bf5722b86c24e11eae4bd0f923c0840099514dd3ea4543b0ac07","ssdeep":"3072:rXkPiBWPIQI0Hv3JoDCmNPSin4IWyO365xhe:r0RP5I0H+DVB/he","tlshash":"2eb4c674128012963633c778abb4978af6a58527ee47d61c32dd6b824ff78b4dc13d88","first_seen":"2026-03-18T14:13:10.128064Z","last_seen":"2026-03-18T14:13:10.128064Z","times_seen":1,"resource_available":false,"data":null}},"time_used":439,"timings":{"blocked":194,"dns":0,"connect":0,"send":0,"wait":94,"receive":151,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/image_3839fbeca9dcd7d03fc8538b7a25aae3d9c50bdc.jpg","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /image_3839fbeca9dcd7d03fc8538b7a25aae3d9c50bdc.jpg HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 49660\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: public, max-age=1800\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":49660,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 1920x1080, components 3","md5":"8aa9c4febaf0df93b1e66c1b2be1c875","sha1":"3839fbeca9dcd7d03fc8538b7a25aae3d9c50bdc","sha256":"49693e8c77726cf48d8c11d743c602cced5ff2336f58a59d71bea71ba33e7735","sha512":"900f295733115a1f0aee0e40fe78fe878ad4988acf55fd9684299879358f70aa63e39e1d64904f31ca6115d662b0de4a79958b6b2287f7e7ad744ed98e23175a","ssdeep":"1536:X999999999999999999999999999999999999999999999999999999999RwVrdK:IFH9999999999999999999999999999y","tlshash":"72234be7cb692932c7581df333ba9d303a916911b5f1a845b6e60dc857ebf18b41c3a0","first_seen":"2026-01-31T13:50:49.926814Z","last_seen":"2026-03-18T14:13:10.129262Z","times_seen":10,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":88,"dns":0,"connect":0,"send":0,"wait":17,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/image_4f78e454eadf11ce5c8417c4c4e7d2df442d4845.webp","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /image_4f78e454eadf11ce5c8417c4c4e7d2df442d4845.webp HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: image/webp\r\nContent-Length: 500\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: public, max-age=1800\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":500,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 32x32, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"1d7eef88eb5d864e3c5fe7b6708aded4","sha1":"4f78e454eadf11ce5c8417c4c4e7d2df442d4845","sha256":"22ada0d3761fd83c9ed073327bf03e04e982c6db07d8c0f9ceb98179a4244479","sha512":"7c53ec64699bd48ef2423d1deb2466838c923a34859341134aa471ceac376355c72677cf35e672848ea9c2a586637f87264de9c5e8242f0c70ff138d1b878224","ssdeep":"","tlshash":"2af00e0fe7b78bcb2c76bb21b41c1b720069128241a0daa348a5a929c10b242624e43a","first_seen":"2025-12-18T09:47:26.92337Z","last_seen":"2026-05-06T23:07:45.724551Z","times_seen":15,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":128,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"verify-modal-2735.vercel.app/api/v2/handshake","fqdn":"verify-modal-2735.vercel.app","domain":"verify-modal-2735.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:36.276Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Feb 2026 06:28:03 GMT","end":"Wed, 27 May 2026 06:28:02 GMT"},"fingerprint":{"sha1":"D6:62:1A:52:B7:FD:F6:BB:FA:AC:01:9E:BB:CD:40:86:5F:04:95:51","sha256":"4B:37:7D:7D:8E:17:70:BB:E1:51:9B:58:96:24:6C:11:6A:B3:AE:A9:68:43:46:58:B3:30:F0:54:F7:EA:43:38"}}},"request":{"raw":"OPTIONS /api/v2/handshake HTTP/1.1\r\nHost: verify-modal-2735.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://pump.fun-click.stream/\r\nOrigin: https://pump.fun-click.stream\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\ndate: Wed, 18 Mar 2026 14:12:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qHuIjlxpIMPSQb9c2ivzq%2FjVZm1STrGeVOXdiQv3eW%2FXEtXZN2HPQgStPu2ORaGmvbFlsWWMkZyJ2lRAoIIixNp2w%2B0sqcWvSEKMscikQKZq5LzHHws3sTrghgu3rvItPX15syPY\"}]}\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nvary: Access-Control-Request-Method, Access-Control-Request-Headers, Origin\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::arn1::gflqt-1773843156280-32285d5a300d\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-16T18:14:59.881264Z","times_seen":15290215,"resource_available":true,"data":null}},"time_used":258,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":258,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-mobile.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:36.960Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 07:41:58 GMT","end":"Fri, 12 Jun 2026 07:41:57 GMT"},"fingerprint":{"sha1":"C0:16:76:CB:73:59:54:FD:EE:F5:98:D9:1E:84:2C:64:5E:69:4A:C1","sha256":"EB:7F:C6:00:94:82:C3:E3:51:75:19:72:94:30:B8:60:5D:EE:9D:90:4D:0A:8E:6F:2C:9A:F7:84:10:1D:65:C5"}}},"request":{"raw":"GET /solflare-bypass1-mobile.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pump.fun-click.stream\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 18 Mar 2026 14:12:37 GMT\r\nContent-Type: image/gif\r\nContent-Length: 6028322\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nETag: \"cf5ac8fca45e5d0409fef8923c179975\"\r\nLast-Modified: Fri, 23 Jan 2026 22:54:15 GMT\r\nVary: Origin\r\nServer: cloudflare\r\nCF-RAY: 9de4d55368a0a0f0-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6028322,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"702758821d82f5549c2922f81710886f","sha1":"f318b7afd08f139ed22ac505130fc66efcc40962","sha256":"8b093466588a613d01fdfa9d301866c5a064d3f7e8b8d0105c6b3df4972c15bb","sha512":"27b892bfafa582e0d5b19eb7d7c7e714c468c58aecb3bc69f81b37b273f9222cb302f34045e4bfb3d436e6be55a3fa54b223cd6f801045bed2a8ba6dc3c41c90","ssdeep":"24576:WKS1/OBbi61/Vvx5qYONFC9VGM60S15tk+ebyMyRfMdlE:38h+tvxpOXC9VBTOFR0dS","tlshash":"412533b9b82a3481eb0179507d6f2522a9f7746f487b7f734354fa2363eae85d2c1018","first_seen":"2026-03-08T18:49:18.14445Z","last_seen":"2026-05-10T10:13:50.979515Z","times_seen":61,"resource_available":false,"data":null}},"time_used":1008,"timings":{"blocked":63,"dns":26,"connect":3,"send":0,"wait":412,"receive":467,"ssl":26},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-18","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/71c9dfb6943594ac3caa4c7089a96a670d8999c6.svg","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.911Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /71c9dfb6943594ac3caa4c7089a96a670d8999c6.svg HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 11\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: public, max-age=1800\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":11,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"33deebbab984522342f086d9e3b3c5bf","sha1":"71c9dfb6943594ac3caa4c7089a96a670d8999c6","sha256":"dd227db8d2c25030227843fd13d7067d05062ce191973ba1f72892aa85034e8e","sha512":"66d213d5fe81e3bc5aa6c712a7b5a315e9e886be07d69d57b12ef4f3095dd57d8d70200215a8359a11feff5b4636f3f99f6bb29d0e489e787e93e1109b24b963","ssdeep":"","tlshash":"6b500000c0000000c0300030cc00000003000000000c00ccf0c0000c00000c30c0c0c0","first_seen":"2026-01-31T13:50:49.915164Z","last_seen":"2026-04-01T11:55:02.222098Z","times_seen":9,"resource_available":false,"data":null}},"time_used":121,"timings":{"blocked":104,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/image_5b6a9abcf0e0c40f36f72a28311625b53817c599.jpg","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.923Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /image_5b6a9abcf0e0c40f36f72a28311625b53817c599.jpg HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 219119\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: public, max-age=1800\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":219119,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1536x664, components 3","md5":"9e9f262251febee7ebe105dccff7ac5d","sha1":"5b6a9abcf0e0c40f36f72a28311625b53817c599","sha256":"ba1b2cbed7b55c620cf420a9f546f9f38355a027779de38bcfcedc9d05319506","sha512":"88453742e5a79f0b722dffeaa6ed5617f5c8e1bcb0fca581369c69f8354bf07dadba73fc820f091aad75cf87308c427fae3fe927005c680ab8fa09cb0bca1f4d","ssdeep":"6144:mq2TpMj+XeXUXZM2mznv6zz4SHNaVPRL9O4Dg:mq21MSf2Hzy34StmPvR8","tlshash":"b3241392a73caed071e1283ae4271987c31f013c61d5dfb6e858a63c89142a27bf55df","first_seen":"2026-01-02T13:33:27.625281Z","last_seen":"2026-05-06T23:07:45.72516Z","times_seen":13,"resource_available":false,"data":null}},"time_used":152,"timings":{"blocked":112,"dns":0,"connect":0,"send":0,"wait":20,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"verify-modal-2735.vercel.app/solana?id=69b5437c12ce2dac9075215e\u0026bundle=1","fqdn":"verify-modal-2735.vercel.app","domain":"verify-modal-2735.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:34.844Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Feb 2026 06:28:03 GMT","end":"Wed, 27 May 2026 06:28:02 GMT"},"fingerprint":{"sha1":"D6:62:1A:52:B7:FD:F6:BB:FA:AC:01:9E:BB:CD:40:86:5F:04:95:51","sha256":"4B:37:7D:7D:8E:17:70:BB:E1:51:9B:58:96:24:6C:11:6A:B3:AE:A9:68:43:46:58:B3:30:F0:54:F7:EA:43:38"}}},"request":{"raw":"GET /solana?id=69b5437c12ce2dac9075215e\u0026bundle=1 HTTP/1.1\r\nHost: verify-modal-2735.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\nage: 0\r\ncache-control: no-cache\r\ncontent-encoding: br\r\ncontent-type: text/javascript; charset=utf-8\r\ndate: Wed, 18 Mar 2026 14:12:35 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1FflBQVZW%2FlWpe81CG7hATFWIWpd%2F1KYmsC6GFVbB%2FNgQU8wC%2BhXd6V1Hf3NfNGUk0%2FKCpL2S2BE107S%2BK0WjtfCCCgnZu%2BAZzAV3R2k5Pkit3wszPZu8yrbIOdIw8KfapfbzxoR\"}]}\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nvary: Origin,Accept-Encoding\r\nx-ratelimit-limit: 60\r\nx-ratelimit-remaining: 59\r\nx-ratelimit-reset: 60\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::arn1::2mb9p-1773843154879-1b1ee1b5905e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2850455,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (33714)","md5":"8908b7dbcd9fe5553317b7eb408c1a2c","sha1":"ab6380c9009119ba95044cad26f2b091b7441f58","sha256":"9462c27727869570bb3aefb42684ca335e0335963ce29bc1fed223cf3515af93","sha512":"ea5c92c79d881214c6eae66c61fa4cbf69814c6c0b0bece70e5a41b0d629d8d4bdb597fa4bfc0f6a1d023940fa1ff096a48cce42b50034df5bf083108932e77c","ssdeep":"12288:c407ZxFIaZYlUIFPfNQBqOQeSKZdy1rq6c5249AZQmYN8Ge5CK3iT5MAEgjJy:c4CZxPkUF/s1r5c52aAZSu3idMAVJy","tlshash":"7b256cb073a1b07a03eb92d594661100f334941a700d84bcfbaca9eb6f959cb957bf35","first_seen":"2026-03-14T12:30:42.299591Z","last_seen":"2026-03-18T14:18:46.20466Z","times_seen":4,"resource_available":false,"data":null}},"time_used":459,"timings":{"blocked":29,"dns":1,"connect":1,"send":0,"wait":401,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"verify-modal-2735.vercel.app/api/v2/binary","fqdn":"verify-modal-2735.vercel.app","domain":"verify-modal-2735.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:36.699Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Feb 2026 06:28:03 GMT","end":"Wed, 27 May 2026 06:28:02 GMT"},"fingerprint":{"sha1":"D6:62:1A:52:B7:FD:F6:BB:FA:AC:01:9E:BB:CD:40:86:5F:04:95:51","sha256":"4B:37:7D:7D:8E:17:70:BB:E1:51:9B:58:96:24:6C:11:6A:B3:AE:A9:68:43:46:58:B3:30:F0:54:F7:EA:43:38"}}},"request":{"raw":"OPTIONS /api/v2/binary HTTP/1.1\r\nHost: verify-modal-2735.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,x-config-id,x-session-id\r\nReferer: https://pump.fun-click.stream/\r\nOrigin: https://pump.fun-click.stream\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\ndate: Wed, 18 Mar 2026 14:12:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=g75Rgpf1kX%2FkF2SJPpyRRWFXH7RwGOjnvZLWMAPCE4tiRpCaSu8b%2Fm8J94QWg3hQ6O7vqQ8XKHiKCGTMP3xJ05ZY8Goy9Efr8OFiDYGQlmxYw5tZgsZg9g8ij93SqrMx7j94%2F2xH\"}]}\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nvary: Access-Control-Request-Method, Access-Control-Request-Headers, Origin\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::arn1::dvhvq-1773843156703-6a4aded7a350\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-16T18:14:59.881264Z","times_seen":15290215,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-desktop.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:36.961Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 07:41:58 GMT","end":"Fri, 12 Jun 2026 07:41:57 GMT"},"fingerprint":{"sha1":"C0:16:76:CB:73:59:54:FD:EE:F5:98:D9:1E:84:2C:64:5E:69:4A:C1","sha256":"EB:7F:C6:00:94:82:C3:E3:51:75:19:72:94:30:B8:60:5D:EE:9D:90:4D:0A:8E:6F:2C:9A:F7:84:10:1D:65:C5"}}},"request":{"raw":"GET /solflare-bypass2-desktop.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pump.fun-click.stream\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 18 Mar 2026 14:12:37 GMT\r\nContent-Type: image/gif\r\nContent-Length: 8319275\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nETag: \"ffdbd9550fb16af66a8cf7717da03833\"\r\nLast-Modified: Fri, 23 Jan 2026 22:06:40 GMT\r\nVary: Origin\r\nServer: cloudflare\r\nCF-RAY: 9de4d556e9e42678-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8319275,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"c7f02284ef4c6c534add4f4cf923bd2e","sha1":"a8a1b5efc7188d57767b8c10dd21a5bdaba1aa4d","sha256":"ec27d89fbe8d16080062e2d897533f7eb588857b3955dfd53a7d5d240121bc2a","sha512":"7821407b7deebbbd4ded8b8d19129e39ca67ca223f89605a6491de9e2b3344d9b3598bf0561f71ee60690509852fe5534812d49fd9e4caa5953bc2035f08b73b","ssdeep":"24576:bDYQNB1s7x5nT9wysI0jlfn8CUBJRzdUkkIrCfh2SA8RMT0Y:bDYCBsTqTjl0TBLWLZ2SA840Y","tlshash":"0925336db03d9653ebaf30223e5a13c0aedb901c8dbd3e213384ad21875b5ed1d6865d","first_seen":"2026-03-07T00:53:06.700379Z","last_seen":"2026-05-10T10:13:51.011793Z","times_seen":63,"resource_available":false,"data":null}},"time_used":1539,"timings":{"blocked":629,"dns":0,"connect":0,"send":0,"wait":166,"receive":744,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-18","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-mobile.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:36.962Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 07:41:58 GMT","end":"Fri, 12 Jun 2026 07:41:57 GMT"},"fingerprint":{"sha1":"C0:16:76:CB:73:59:54:FD:EE:F5:98:D9:1E:84:2C:64:5E:69:4A:C1","sha256":"EB:7F:C6:00:94:82:C3:E3:51:75:19:72:94:30:B8:60:5D:EE:9D:90:4D:0A:8E:6F:2C:9A:F7:84:10:1D:65:C5"}}},"request":{"raw":"GET /solflare-bypass2-mobile.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pump.fun-click.stream\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 18 Mar 2026 14:12:37 GMT\r\nContent-Type: image/gif\r\nContent-Length: 8319275\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nETag: \"ffdbd9550fb16af66a8cf7717da03833\"\r\nLast-Modified: Fri, 23 Jan 2026 22:07:07 GMT\r\nVary: Origin\r\nServer: cloudflare\r\nCF-RAY: 9de4d55749022efa-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8319275,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"c7f02284ef4c6c534add4f4cf923bd2e","sha1":"a8a1b5efc7188d57767b8c10dd21a5bdaba1aa4d","sha256":"ec27d89fbe8d16080062e2d897533f7eb588857b3955dfd53a7d5d240121bc2a","sha512":"7821407b7deebbbd4ded8b8d19129e39ca67ca223f89605a6491de9e2b3344d9b3598bf0561f71ee60690509852fe5534812d49fd9e4caa5953bc2035f08b73b","ssdeep":"24576:bDYQNB1s7x5nT9wysI0jlfn8CUBJRzdUkkIrCfh2SA8RMT0Y:bDYCBsTqTjl0TBLWLZ2SA840Y","tlshash":"0925336db03d9653ebaf30223e5a13c0aedb901c8dbd3e213384ad21875b5ed1d6865d","first_seen":"2026-03-07T00:53:06.700379Z","last_seen":"2026-05-10T10:13:51.011793Z","times_seen":63,"resource_available":false,"data":null}},"time_used":1740,"timings":{"blocked":682,"dns":0,"connect":0,"send":0,"wait":370,"receive":688,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-18","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pump.fun-click.stream/image_ab0769f125dbb5c5734ece6905eb613592c66c5d.png","fqdn":"pump.fun-click.stream","domain":"fun-click.stream","tld":"stream"},"ip":{"addr":"82.38.96.226","port":443,"asn":5089,"as":"Virgin Media","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:32.922Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump.fun-click.stream","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 22:33:52 GMT","end":"Fri, 12 Jun 2026 22:33:51 GMT"},"fingerprint":{"sha1":"1F:D1:C9:69:53:13:C6:9E:F5:ED:BB:5A:C8:79:BE:79:FB:04:89:A9","sha256":"60:89:38:0A:64:91:6D:82:D6:03:FE:01:77:D1:EB:19:D3:94:10:60:09:39:C8:BF:C7:8A:E0:8B:F6:3E:EE:49"}}},"request":{"raw":"GET /image_ab0769f125dbb5c5734ece6905eb613592c66c5d.png HTTP/1.1\r\nHost: pump.fun-click.stream\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nCookie: __js_challenge=1773843152.532\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: L7-Protection\r\nDate: Wed, 18 Mar 2026 14:12:32 GMT\r\nContent-Type: image/png\r\nContent-Length: 2453\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\nCache-Control: public, max-age=1800\r\nX-Protected-By: SatxCloud\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":2453,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 51, 8-bit colormap, non-interlaced","md5":"77dff240b185cca96e7ac6ad95bcaaa2","sha1":"ab0769f125dbb5c5734ece6905eb613592c66c5d","sha256":"d7912627f5e68345d81f5ea601e7598775405d8689799881f9f43c1d06205c74","sha512":"8304e7a4eec54e244fd4d5154c6ccaedf8e17eb30093e2e9379ecf430cd48af027d72dc692cff2a398daf882ee6fb6c1e4436e145a702defb681328dcded81c7","ssdeep":"","tlshash":"1d512adf7830ad85b1ab229690756a73693e6247910dc4843bb05aa7c0a98c1b097fcb","first_seen":"2025-12-18T09:47:26.921559Z","last_seen":"2026-05-06T23:07:45.752454Z","times_seen":14,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":128,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"verify-modal-2735.vercel.app/api/v2/handshake","fqdn":"verify-modal-2735.vercel.app","domain":"verify-modal-2735.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:36.536Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Feb 2026 06:28:03 GMT","end":"Wed, 27 May 2026 06:28:02 GMT"},"fingerprint":{"sha1":"D6:62:1A:52:B7:FD:F6:BB:FA:AC:01:9E:BB:CD:40:86:5F:04:95:51","sha256":"4B:37:7D:7D:8E:17:70:BB:E1:51:9B:58:96:24:6C:11:6A:B3:AE:A9:68:43:46:58:B3:30:F0:54:F7:EA:43:38"}}},"request":{"raw":"POST /api/v2/handshake HTTP/1.1\r\nHost: verify-modal-2735.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pump.fun-click.stream/\r\nContent-Type: application/octet-stream\r\nContent-Length: 71\r\nOrigin: https://pump.fun-click.stream\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-encoding: br\r\ncontent-type: application/octet-stream\r\ndate: Wed, 18 Mar 2026 14:12:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nDrukNMRcDZF1fxPCpf3D9YV4V1hqOGEH2NGXHbeRzSQQ71xIAXsoSwV9%2Bk2LQByo3K%2BexI3QBTNRxphHd73NpTwoqgBN3EwzFkS7rvk9kn0O2BH6DKNK9QgqIMctUnrjfJ6XcdE\"}]}\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nvary: Origin\r\nx-session-id: d9a35f51b521105db5872592bba8bf23\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::arn1::qs6pz-1773843156539-70f97f20372c\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"474c2896344d3b9e2ad79998fb8dce30","sha1":"4e889176e9753564b027ba32ae4ccd6c25543815","sha256":"f2f0f936ead6d57a148d44814b259b3de2e4ca4a04ce27f28f5939a8b7e877ea","sha512":"24583f77de74dc6bc9cf8b01ec699fb185bc0300230f7925a073374afac530d4fc2bfe195837d3b94bfa022fc9c06069aa19cf0b35a7d5aef804d311abe6940c","ssdeep":"","tlshash":"31a0120a401481bac1c16839a0574476001353ce4100f441289cac0184011441252358","first_seen":"2026-03-18T14:13:10.137687Z","last_seen":"2026-03-18T14:13:10.137687Z","times_seen":1,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-mobile.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump.fun-click.stream/","date":"2026-03-18T14:12:36.958Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Mar 2026 07:41:58 GMT","end":"Fri, 12 Jun 2026 07:41:57 GMT"},"fingerprint":{"sha1":"C0:16:76:CB:73:59:54:FD:EE:F5:98:D9:1E:84:2C:64:5E:69:4A:C1","sha256":"EB:7F:C6:00:94:82:C3:E3:51:75:19:72:94:30:B8:60:5D:EE:9D:90:4D:0A:8E:6F:2C:9A:F7:84:10:1D:65:C5"}}},"request":{"raw":"GET /phantom-bypass2-mobile.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pump.fun-click.stream\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pump.fun-click.stream/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 18 Mar 2026 14:12:37 GMT\r\nContent-Type: image/gif\r\nContent-Length: 3967947\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Origin: *\r\nETag: \"5a6a3867cbfe36845cfc495e5ca7f0ea\"\r\nLast-Modified: Fri, 23 Jan 2026 15:28:10 GMT\r\nVary: Origin\r\nServer: cloudflare\r\nCF-RAY: 9de4d5535bad4e4c-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3967947,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"d93576ba91ca34c6a838ecb0a2007171","sha1":"c4e5bde21d173bd4fcd9129fbdbde6222c276da2","sha256":"bd3b1e09eca059acc8e0bbb505184eb2e25f7d41b27842fc776734881d4742df","sha512":"1757d06e3d6fcf45d5a48f8f6339866791fe4add35e57b447144d7b3bc7c7b25a851adda4b4abfdadc8dc7134f21016a79f7405bb79e50115dce6a8c93a59ef6","ssdeep":"24576:avufiMHLszpYKMLHl4XSjC3h+NeQo3QSlw:oFMHLsMl/CzsAw","tlshash":"db2523ae806d4dc1229501a12516783c14a5a07e8df2bc3db5a8df8dc29ff7b9ce90f5","first_seen":"2026-03-07T01:35:12.450999Z","last_seen":"2026-05-10T10:13:50.977502Z","times_seen":62,"resource_available":false,"data":null}},"time_used":1120,"timings":{"blocked":62,"dns":28,"connect":3,"send":0,"wait":624,"receive":369,"ssl":27},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-18","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}}]}